In the ever-evolving threat landscape in computer networks (e.g., the Internet), cybercriminals continue to rely on an element of social engineering and phishing tactics to lure the user into clicking a Uniform Resource Locator (URL) and opening a malicious website that looks like the original site being targeted. Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. Phishing is the attempt to obtain sensitive information such as usernames, passwords, credit card details, or the like by masquerading as a trustworthy entity in an electronic communication. One example of social engineering and phishing tactics in attacks is the use of a URL that looks like a legitimate URL, known as “typosquatting.” Typosquatting involves subtle mistakes, such as typographical errors, relative to a legitimate URL, for example, wel1sfargo.com instead of the legitimate wellsfargo.com (note, the malicious domain, wel1sfargo.com, replaces the letter “l” with the number “1,” which can trick a user, i.e., social engineering). Thus, a user receiving such a message (e.g., email) may be tricked into clicking on the malicious domain since it appears at first glance to be legitimate. These attacks result in user credential compromise or installation of a remote access Trojan that grants backdoor access to the internal corporate network, exposing sensitive information. Subtle mistakes in URLs are increasingly being used in these targeted attacks, where cybercriminals are registering domains that look like the legitimate domain of the brand they are targeting. Traditional security filters that rely on the knowledge of known bad domains, URLs, or Server Internet Protocol (IP) address information will fail to identify these attacks.
There is a need to identify new malicious domains that are impersonating a popular brand, as well as customer-owned domains, to target the end users.
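As an added illustration (not part of the original text and not the method this document goes on to describe), the following sketch shows one simple way a filter could flag a lookalike such as wel1sfargo.com without any prior knowledge that the domain is bad. The confusable-character map, the distance threshold, the protected list and all function names are assumptions made for the example.

```python
# Added example: flag domains that resemble a protected brand or customer-owned domain.
# Assumption: the input is already the registrable domain (no subdomains, no path).
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})  # constructed, not exhaustive
PROTECTED = ["wellsfargo.com", "example.com"]  # constructed list of protected domains


def skeleton(domain):
    """Lowercase the domain and fold visually confusable characters together."""
    return domain.strip().lower().rstrip(".").translate(CONFUSABLES)


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain, protected=PROTECTED, max_distance=1):
    """Return (verdict, matched_protected_domain) for one observed domain."""
    d = domain.strip().lower().rstrip(".")
    if d in protected:
        return ("legitimate", d)
    # Character substitution: same skeleton as a protected domain, different spelling.
    for brand in protected:
        if skeleton(d) == skeleton(brand):
            return ("homoglyph", brand)
    # Typographical error: a dropped, added or swapped character.
    for brand in protected:
        if edit_distance(d, brand) <= max_distance:
            return ("typo", brand)
    return ("no-match", None)


if __name__ == "__main__":
    # Constructed sample of domains seen in inbound mail links.
    for seen in ["wellsfargo.com", "wel1sfargo.com", "welsfargo.com", "python.org"]:
        print(seen, classify(seen))
```

A block list of known bad domains would miss wel1sfargo.com on first sight; this check needs only the list of domains to protect.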